@dfinity/hardware-wallet-cli 0.1.0

package/build/src/ledger/identity.js

@@ -0,0 +1,216 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.LedgerIdentity = void 0;
+const agent_1 = require("@dfinity/agent");
+const principal_1 = require("@dfinity/principal");
+const ledger_icp_1 = __importStar(require("@zondax/ledger-icp"));
+const secp256k1_1 = require("./secp256k1");
+// @ts-ignore (no types are available)
+const hw_transport_webhid_1 = __importDefault(require("@ledgerhq/hw-transport-webhid"));
+const hw_transport_node_hid_noevents_1 = __importDefault(require("@ledgerhq/hw-transport-node-hid-noevents"));
+// Add polyfill for `window.fetch` for agent-js to work.
+// @ts-ignore (no types are available)
+const node_fetch_1 = __importDefault(require("node-fetch"));
+global.fetch = node_fetch_1.default;
+/**
+ * Convert the HttpAgentRequest body into cbor which can be signed by the Ledger Hardware Wallet.
+ * @param request - body of the HttpAgentRequest
+ */
+function _prepareCborForLedger(request) {
+    return agent_1.Cbor.encode({ content: request });
+}
+/**
+ * A Hardware Ledger Internet Computer Agent identity.
+ */
+class LedgerIdentity extends agent_1.SignIdentity {
+    constructor(derivePath, _publicKey) {
+        super();
+        this.derivePath = derivePath;
+        this._publicKey = _publicKey;
+        // A flag to signal that the next transaction to be signed will be
+        // a "stake neuron" transaction.
+        this._neuronStakeFlag = false;
+    }
+    /**
+     * Create a LedgerIdentity using the Web USB transport.
+     * @param derivePath The derivation path.
+     */
+    static async create(derivePath = `m/44'/223'/0'/0/0`) {
+        const [app, transport] = await this._connect();
+        try {
+            const publicKey = await this._fetchPublicKeyFromDevice(app, derivePath);
+            return new this(derivePath, publicKey);
+        }
+        finally {
+            // Always close the transport.
+            transport.close();
+        }
+    }
+    /**
+     * Connect to a ledger hardware wallet.
+     */
+    static async _connect() {
+        async function getTransport() {
+            if (await hw_transport_webhid_1.default.isSupported()) {
+                // We're in a web browser.
+                return hw_transport_webhid_1.default.create();
+            }
+            else if (await hw_transport_node_hid_noevents_1.default.isSupported()) {
+                // Maybe we're in a CLI.
+                return hw_transport_node_hid_noevents_1.default.create();
+            }
+            else {
+                // Unknown environment.
+                throw Error();
+            }
+        }
+        try {
+            const transport = await getTransport();
+            const app = new ledger_icp_1.default(transport);
+            return [app, transport];
+        }
+        catch (err) {
+            // @ts-ignore
+            if (err.id && err.id == "NoDeviceFound") {
+                throw "No Ledger device found. Is the wallet connected and unlocked?";
+            }
+            else if (
+            // @ts-ignore
+            err.message &&
+                // @ts-ignore
+                err.message.includes("cannot open device with path")) {
+                throw "Cannot connect to Ledger device. Please close all other wallet applications (e.g. Ledger Live) and try again.";
+            }
+            else {
+                // Unsupported browser. Data on browser compatibility is taken from https://caniuse.com/webhid
+                throw `Cannot connect to Ledger Wallet. Either you have other wallet applications open (e.g. Ledger Live), or your browser doesn't support WebHID, which is necessary to communicate with your Ledger hardware wallet.\n\nSupported browsers:\n* Chrome (Desktop) v89+\n* Edge v89+\n* Opera v76+\n\nError: ${err}`;
+            }
+        }
+    }
+    static async _fetchPublicKeyFromDevice(app, derivePath) {
+        const resp = await app.getAddressAndPubKey(derivePath);
+        // @ts-ignore
+        if (resp.returnCode == 28161) {
+            throw "Please open the Internet Computer app on your wallet and try again.";
+        }
+        else if (resp.returnCode == ledger_icp_1.LedgerError.TransactionRejected) {
+            throw "Ledger Wallet is locked. Unlock it and try again.";
+            // @ts-ignore
+        }
+        else if (resp.returnCode == 65535) {
+            throw "Unable to fetch the public key. Please try again.";
+        }
+        // This type doesn't have the right fields in it, so we have to manually type it.
+        const principal = resp
+            .principalText;
+        const publicKey = secp256k1_1.Secp256k1PublicKey.fromRaw(new Uint8Array(resp.publicKey));
+        if (principal !==
+            principal_1.Principal.selfAuthenticating(new Uint8Array(publicKey.toDer())).toText()) {
+            throw new Error("Principal returned by device does not match public key.");
+        }
+        return publicKey;
+    }
+    /**
+     * Required by Ledger.com that the user should be able to press a Button in UI
+     * and verify the address/pubkey are the same as on the device screen.
+     */
+    async showAddressAndPubKeyOnDevice() {
+        this._executeWithApp(async (app) => {
+            await app.showAddressAndPubKey(this.derivePath);
+        });
+    }
+    /**
+     * @returns The verion of the `Internet Computer' app installed on the Ledger device.
+     */
+    async getVersion() {
+        return this._executeWithApp(async (app) => {
+            const res = await app.getVersion();
+            return {
+                major: res.major,
+                minor: res.minor,
+                patch: res.patch,
+            };
+        });
+    }
+    getPublicKey() {
+        return this._publicKey;
+    }
+    async sign(blob) {
+        console.log("About to sign");
+        console.log(Buffer.from(blob).toString("hex"));
+        return await this._executeWithApp(async (app) => {
+            const resp = await app.sign(this.derivePath, Buffer.from(blob), this._neuronStakeFlag ? 1 : 0);
+            // Remove the "neuron stake" flag, since we already signed the transaction.
+            this._neuronStakeFlag = false;
+            const signatureRS = resp.signatureRS;
+            if (!signatureRS) {
+                throw new Error(`A ledger error happened during signature:\n` +
+                    `Code: ${resp.returnCode}\n` +
+                    `Message: ${JSON.stringify(resp.errorMessage)}\n`);
+            }
+            if (signatureRS?.byteLength !== 64) {
+                throw new Error(`Signature must be 64 bytes long (is ${signatureRS.length})`);
+            }
+            return bufferToArrayBuffer(signatureRS);
+        });
+    }
+    /**
+     * Signals that the upcoming transaction to be signed will be a "stake neuron" transaction.
+     */
+    flagUpcomingStakeNeuron() {
+        this._neuronStakeFlag = true;
+    }
+    async transformRequest(request) {
+        const { body, ...fields } = request;
+        const signature = await this.sign(_prepareCborForLedger(body));
+        return {
+            ...fields,
+            body: {
+                content: body,
+                sender_pubkey: this._publicKey.toDer(),
+                sender_sig: signature,
+            },
+        };
+    }
+    async _executeWithApp(func) {
+        const [app, transport] = await LedgerIdentity._connect();
+        try {
+            // Verify that the public key of the device matches the public key of this identity.
+            const devicePublicKey = await LedgerIdentity._fetchPublicKeyFromDevice(app, this.derivePath);
+            if (JSON.stringify(devicePublicKey) !== JSON.stringify(this._publicKey)) {
+                throw new Error("Found unexpected public key. Are you sure you're using the right wallet?");
+            }
+            // Run the provided function.
+            return await func(app);
+        }
+        finally {
+            transport.close();
+        }
+    }
+}
+exports.LedgerIdentity = LedgerIdentity;
+function bufferToArrayBuffer(buffer) {
+    return buffer.buffer.slice(buffer.byteOffset, buffer.byteOffset + buffer.byteLength);
+}

package/build/src/ledger/secp256k1.js

@@ -0,0 +1,74 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Secp256k1PublicKey = void 0;
+function equals(b1, b2) {
+    if (b1.byteLength !== b2.byteLength) {
+        return false;
+    }
+    const u1 = new Uint8Array(b1);
+    const u2 = new Uint8Array(b2);
+    for (let i = 0; i < u1.length; i++) {
+        if (u1[i] !== u2[i]) {
+            return false;
+        }
+    }
+    return true;
+}
+// This implementation is adjusted from the Ed25519PublicKey.
+// The RAW_KEY_LENGTH and DER_PREFIX are modified accordingly
+class Secp256k1PublicKey {
+    // `fromRaw` and `fromDer` should be used for instantiation, not this constructor.
+    constructor(key) {
+        this.rawKey = key;
+        this.derKey = Secp256k1PublicKey.derEncode(key);
+    }
+    static fromRaw(rawKey) {
+        return new Secp256k1PublicKey(rawKey);
+    }
+    static fromDer(derKey) {
+        return new Secp256k1PublicKey(this.derDecode(derKey));
+    }
+    static derEncode(publicKey) {
+        if (publicKey.byteLength !== Secp256k1PublicKey.RAW_KEY_LENGTH) {
+            const bl = publicKey.byteLength;
+            throw new TypeError(`secp256k1 public key must be ${Secp256k1PublicKey.RAW_KEY_LENGTH} bytes long (is ${bl})`);
+        }
+        const derPublicKey = Uint8Array.from([
+            ...Secp256k1PublicKey.DER_PREFIX,
+            ...new Uint8Array(publicKey),
+        ]);
+        return derPublicKey.buffer;
+    }
+    static derDecode(key) {
+        const expectedLength = Secp256k1PublicKey.DER_PREFIX.length + Secp256k1PublicKey.RAW_KEY_LENGTH;
+        if (key.byteLength !== expectedLength) {
+            const bl = key.byteLength;
+            throw new TypeError(`secp256k1 DER-encoded public key must be ${expectedLength} bytes long (is ${bl})`);
+        }
+        const rawKey = key.slice(0, Secp256k1PublicKey.DER_PREFIX.length);
+        if (!equals(this.derEncode(rawKey), key)) {
+            throw new TypeError("secp256k1 DER-encoded public key is invalid. A valid secp256k1 DER-encoded public key " +
+                `must have the following prefix: ${Secp256k1PublicKey.DER_PREFIX}`);
+        }
+        return rawKey;
+    }
+    toDer() {
+        return this.derKey;
+    }
+    toRaw() {
+        return this.rawKey;
+    }
+}
+exports.Secp256k1PublicKey = Secp256k1PublicKey;
+// The length of secp256k1 public keys is always 65 bytes.
+Secp256k1PublicKey.RAW_KEY_LENGTH = 65;
+// Adding this prefix to a raw public key is sufficient to DER-encode it.
+// prettier-ignore
+Secp256k1PublicKey.DER_PREFIX = Uint8Array.from([
+    0x30, 0x56,
+    0x30, 0x10,
+    0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01,
+    0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x0a,
+    0x03, 0x42,
+    0x00, // no padding
+]);